{"_id":"564e53f5c3553e0d003e53c3","category":{"_id":"564de2ddfe07a81700b5c3a9","version":"564de2dbfe07a81700b5c3a8","pages":["564de2ddfe07a81700b5c3ab","564df4ab5eab6e0d0069ca13","564e53f5c3553e0d003e53c3","564e556e2b223c2b00496a37","56a7b36ecf6d771700baeefb"],"project":"564de2dbfe07a81700b5c3a5","__v":5,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-11-19T14:55:25.130Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"githubsync":"","user":"564de2b4fe07a81700b5c3a4","parentDoc":null,"version":{"_id":"564de2dbfe07a81700b5c3a8","project":"564de2dbfe07a81700b5c3a5","__v":10,"createdAt":"2015-11-19T14:55:23.838Z","releaseDate":"2015-11-19T14:55:23.837Z","categories":["564de2ddfe07a81700b5c3a9","564df317826645210097a890","564df3217c8f372b00b934df","564e5227c3553e0d003e53ba","5666dac5d784a70d00397bcb","56cd08ddd98d851d00c0c3bd","56e9a50946bfd60e008840a7","5718e37bf8f7de1900683fad","58c3308dfedf070f0043b72c","58ce99c75457d02300560c0a"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"__v":3,"project":"564de2dbfe07a81700b5c3a5","updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-11-19T22:57:57.594Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"[block:callout]\n{\n \"type\": \"success\",\n \"title\": \"Need an API Key?\",\n \"body\": \"No problem! Sign up for one at [app.embed.ly](https://app.embed.ly/signup)\"\n}\n[/block]\nTo authenticate your requests, include ``key`` as a query parameter, it should look like this::\n\n``https://api.embedly.com/:version/:endpoint?key=:key&<additional query parameters>``\n\nChoose ``:version`` and ``:endpoint`` depending on the part of the API that you want to access, e.g. ``1/oembed`` for the [/1/oembed](doc:oembed) or ``1/extract`` for the [/1/extract](doc:extract). Replace ``:key`` with the unique API key shown in [the app dashboard](https://app.embed.ly)..\n\n[block:api-header]\n{\n \"type\": \"basic\",\n \"title\": \"Restricting Access\"\n}\n[/block]\nBy default, Embedly allows requests from anywhere. Tighter security is also an option. You can use the **API > Key** section of [the app dashboard](https://app.embed.ly) to create a whitelist of referrers and/or IP addresses that Embedly will accept requests from. All other requests will be rejected with a ``403 Forbidden`` response.\n\nWe use a simple \"globbing\" syntax for referrers, where ``*`` is a wildcard that will match any number of characters. To allow all traffic from ``yourdomain.com`` (but not its subdomains), you would enter ``yourdomain.com*``. To allow subdomains as well, you would make it ``*yourdomain.com*``. Take note of the wildcard at the end, which means that requests that indicate a path as well as a host (e.g. ``yourdomain.com/foo``) will be accepted.\n\nGlobbing works similarly for IP addresses. If all of your requests come from a cluster of servers with IP addresses in the range ``1.1.1.1`` to ``1.1.1.255``, then you would set a single rule ``1.1.1.*``.\n\n[block:api-header]\n{\n \"type\": \"basic\",\n \"title\": \"OAuth\"\n}\n[/block]\nTwo-legged OAuth is supported as an alternative to key-based authentication.\n\nYour account can only be configured to use either key-based authentication or OAuth, not both. To switch from one form of authentication to the other, visit the **API > Key** section of [the app dashboard](https://app.embed.ly).","excerpt":"Embedly requires authentication on all endpoints.","slug":"authentication","type":"basic","title":"Authentication"}

Video

Integrations

Authentication

Embedly requires authentication on all endpoints.

[block:callout]
{
"type": "success",
"title": "Need an API Key?",
"body": "No problem! Sign up for one at [app.embed.ly](https://app.embed.ly/signup)"
}
[/block]
To authenticate your requests, include ``key`` as a query parameter, it should look like this::
``https://api.embedly.com/:version/:endpoint?key=:key&<additional query parameters>``
Choose ``:version`` and ``:endpoint`` depending on the part of the API that you want to access, e.g. ``1/oembed`` for the [/1/oembed](doc:oembed) or ``1/extract`` for the [/1/extract](doc:extract). Replace ``:key`` with the unique API key shown in [the app dashboard](https://app.embed.ly)..
[block:api-header]
{
"type": "basic",
"title": "Restricting Access"
}
[/block]
By default, Embedly allows requests from anywhere. Tighter security is also an option. You can use the **API > Key** section of [the app dashboard](https://app.embed.ly) to create a whitelist of referrers and/or IP addresses that Embedly will accept requests from. All other requests will be rejected with a ``403 Forbidden`` response.
We use a simple "globbing" syntax for referrers, where ``*`` is a wildcard that will match any number of characters. To allow all traffic from ``yourdomain.com`` (but not its subdomains), you would enter ``yourdomain.com*``. To allow subdomains as well, you would make it ``*yourdomain.com*``. Take note of the wildcard at the end, which means that requests that indicate a path as well as a host (e.g. ``yourdomain.com/foo``) will be accepted.
Globbing works similarly for IP addresses. If all of your requests come from a cluster of servers with IP addresses in the range ``1.1.1.1`` to ``1.1.1.255``, then you would set a single rule ``1.1.1.*``.
[block:api-header]
{
"type": "basic",
"title": "OAuth"
}
[/block]
Two-legged OAuth is supported as an alternative to key-based authentication.
Your account can only be configured to use either key-based authentication or OAuth, not both. To switch from one form of authentication to the other, visit the **API > Key** section of [the app dashboard](https://app.embed.ly).